package com.qf.springbootshiro.user.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * Order endpoints under {@code /order}, demonstrating two ways of enforcing
 * Shiro authorization: a programmatic check on the current {@link Subject}
 * ({@link #manager()}) and declarative annotations ({@link #save()}).
 *
 * <p>NOTE(review): both handlers answer with a redirect to a static page. The
 * checks here only decide which redirect is issued; whether {@code /order.html}
 * itself is reachable without them depends on the Shiro filter chain, which is
 * not visible in this file. Confirm the page is covered there as well.
 */
@Controller
@RequestMapping("/order")
public class OrderController {
    /** View returned when the caller passes the authorization checks. */
    private static final String ORDER_PAGE = "redirect:/order.html";

    /** View returned when a programmatic authorization check fails. */
    private static final String ERROR_PAGE = "redirect:/error.html";

    /**
     * Programmatic authorization: the caller must hold the {@code admin} role
     * and the wildcard permission {@code order:*}.
     *
     * @return a redirect to the order page when both checks pass, otherwise a
     *         redirect to the error page
     */
    @RequestMapping("manager")
    public String manager() {
        Subject currentUser = SecurityUtils.getSubject();

        // Deny first: a caller without the admin role never reaches the permission check.
        if (!currentUser.hasRole("admin")) {
            System.out.println("无admin"); // "no admin role"
            return ERROR_PAGE;
        }
        System.out.println("有admin"); // "has admin role"

        // The role alone is not sufficient; the wildcard order permission is also required.
        if (!currentUser.isPermitted("order:*")) {
            System.out.println("无manager权限"); // "no manager permission"
            return ERROR_PAGE;
        }
        System.out.println("有所有权限"); // "has all permissions"
        return ORDER_PAGE;
    }

    /**
     * Declarative authorization: the annotations below are meant to reject the
     * call before the method body runs.
     *
     * <p>NOTE(review): Shiro annotations are only enforced when Shiro's
     * annotation/AOP support is active in the Spring context; that configuration
     * is not shown here. Verify it, and check how a denied call (an
     * authorization exception instead of a redirect) is presented to the user.
     *
     * <p>NOTE(review): the mapping does not restrict the HTTP method, so this
     * handler also answers GET requests. If it ever performs a real save,
     * consider limiting it to POST.
     *
     * @return a redirect to the order page
     */
    // Role check: the caller must hold BOTH roles, admin and user.
    @RequiresRoles(value = {"admin", "user"})
    // Permission check against the permission string "order:save".
    @RequiresPermissions("order:save")
    @RequestMapping("/save")
    public String save() {
        System.out.println("进入方法"); // "entered method"
        return ORDER_PAGE;
    }
}
